Vulnerabilities > Oracle > Utilities Framework > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2020-14756 | Unspecified vulnerability in Oracle Coherence and Utilities Framework Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). | 9.8 |
| 2020-05-01 | CVE-2020-10683 | XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. | 9.8 |
| 2020-01-15 | CVE-2020-2555 | Deserialization of Untrusted Data vulnerability in Oracle products Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). | 9.8 |
| 2019-10-10 | CVE-2019-17495 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. | 9.8 |
| 2019-07-23 | CVE-2019-10173 | Code Injection vulnerability in multiple products It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. | 9.8 |
| 2018-03-20 | CVE-2018-8088 | org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. | 9.8 |